f7a9583e1b5c72d4ebc998f17b5e4450N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f7a9583e1b5c72d4ebc998f17b5e4450N.exe
Size

1.6MB
MD5

f7a9583e1b5c72d4ebc998f17b5e4450
SHA1

2b1febcd39778ff84e96c8409e915ce21cd8e599
SHA256

4cb52f763ee54a6f1abe787342d3e08afc001b8d6dd3899f04ac582835a3643a
SHA512

9419ad356f69fbb86e122f7e292ea5b3e47ebf8e92bc6fbd6e0821f742ddd7176fa2da82f071f516f9bbce1d257ac4a8be8f52f4bc6d01e0229de4d8bd24aabe
SSDEEP

24576:ic8x4OC0a3C5TgW9npiV0iE56Jg7cDAyJgX5tpN4bZ5cOZvZZt:uPcUpiq5ABAsgXrkbXr/Zt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7a9583e1b5c72d4ebc998f17b5e4450N.exe

Files

f7a9583e1b5c72d4ebc998f17b5e4450N.exe
.exe windows:6 windows x86 arch:x86

134b367b43641a8a9137e270fa8fd3f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\landun\wubi_agent\workspace\p-3417ba0c0c0d46dfae3a04bc6431244c\src\bin\SogouPdb\SogouWubi\WbQueryWindow.pdb

Imports

kernel32

SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetConsoleCP
ReadConsoleW
GetConsoleMode
PeekNamedPipe
GetOEMCP
IsValidCodePage
GetTimeFormatW
SetEndOfFile
WriteConsoleW
GetCurrentThreadId
GetLastError
QueryPerformanceFrequency
HeapDestroy
lstrlenW
lstrcpyW
GetFullPathNameW
GetCurrentDirectoryW
GetFileInformationByHandle
GetDriveTypeW
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
GetDateFormatW
GetTimeZoneInformation
GetFileType
GetACP
GetStdHandle
FormatMessageA
InitializeCriticalSection
LoadLibraryA
GetSystemDirectoryA
SleepEx
SetFilePointerEx
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
LoadLibraryExW
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
OpenFileMappingW
UnmapViewOfFile
CloseHandle
CreateFileMappingW
MapViewOfFile
ReadFile
SetLastError
GetCurrentProcess
WriteFile
GetModuleFileNameW
WaitForMultipleObjects
SetFilePointer
ExitThread
CreateEventW
FormatMessageW
GlobalAlloc
GlobalFree
CreateThread
LocalFree
GetFileSize
CreateProcessW
OpenEventW
Sleep
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenMutexW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetFileAttributesW
GetVersionExW
GetSystemDirectoryW
SetFileAttributesW
DeleteFileW
LoadLibraryW
GetProcAddress
MoveFileExW
GetModuleHandleW
HeapFree
GetCommandLineW
GetTempPathW
HeapAlloc
GetCurrentProcessId
LocalAlloc
CreateDirectoryW
GetFileAttributesExW
FileTimeToSystemTime
CopyFileW
FreeLibrary
GetProcessHeap
QueryPerformanceCounter
FlushFileBuffers
SetEvent
InitializeCriticalSectionEx
RaiseException
DecodePointer
HeapSize
OutputDebugStringW
HeapReAlloc
IsBadWritePtr
TerminateProcess
lstrcatW
GetLocalTime
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
GetTickCount
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
TlsAlloc
HeapCreate

user32

GetKeyboardState
EndDialog
DestroyIcon
CallNextHookEx
GetDlgItem
SendMessageW
SetWindowPos
IsWindowVisible
GetDC
SetScrollInfo
DestroyWindow
GetScrollInfo
GetScrollPos
LoadBitmapW
ScrollWindow
CreateDialogParamW
AdjustWindowRectEx
MonitorFromPoint
GetMenu
InflateRect
GetSystemMetrics
SetWindowTextW
CreatePopupMenu
SetTimer
GetMonitorInfoW
GetDlgCtrlID
ClientToScreen
DestroyMenu
LoadIconW
MessageBoxW
GetClassNameW
DialogBoxParamW
UnhookWindowsHookEx
wvsprintfW
CreateWindowExW
TrackPopupMenuEx
AppendMenuW
KillTimer
DrawEdge
SystemParametersInfoW
UpdateWindow
LoadImageW
GetFocus
FillRect
ScreenToClient
RemovePropW
IsWindow
OffsetRect
GetCapture
DrawFocusRect
GetSysColor
IsWindowEnabled
SetFocus
SetPropW
LoadCursorW
SetCapture
GetWindowDC
SetCursor
SetRectEmpty
DrawTextW
GetParent
PtInRect
ReleaseCapture
InvalidateRect
GetCursorPos
FindWindowW
SetWindowsHookExW
SetWindowLongW
GetWindowThreadProcessId
GetClientRect
SetForegroundWindow
ReleaseDC
GetWindowRect
PostMessageW
CallWindowProcW
DefWindowProcW
GetWindowLongW
GetWindowTextW
EnableWindow
EndPaint
BeginPaint

gdi32

DeleteDC
DeleteObject
CreateDIBSection
StretchBlt
GetTextExtentPointW
CreatePatternBrush
SetBkColor
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateFontIndirectW
SetViewportOrgEx
CreateSolidBrush
SelectObject
GetStockObject
GetTextExtentPoint32W
SetTextColor
SetBkMode
GetObjectW

imm32

ImmDisableIME

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessMemoryInfo

comctl32

_TrackMouseEvent
ImageList_LoadImageW
ImageList_Draw
ImageList_Destroy
InitCommonControlsEx
ImageList_GetIconSize

wininet

InternetReadFile
InternetCloseHandle
InternetGetLastResponseInfoW
HttpQueryInfoW
InternetOpenW
InternetOpenUrlW
InternetSetOptionW

advapi32

GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
RegCloseKey
LookupAccountSidW
GetLengthSid
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW

shell32

SHGetFolderPathW
ShellExecuteW
SHFileOperationW

ws2_32

ioctlsocket
recvfrom
sendto
getpeername
connect
bind
send
recv
WSAGetLastError
closesocket
WSACleanup
WSAStartup
listen
accept
select
__WSAFDIsSet
gethostname
WSASetLastError
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htonl
getsockopt
socket
setsockopt
ntohs
htons
getsockname

wldap32

ord301
ord200
ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30

Sections

.text
Size: 808KB - Virtual size: 807KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 413KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 76KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 354KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

134b367b43641a8a9137e270fa8fd3f6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

imm32

version

psapi

comctl32

wininet

advapi32

shell32

ws2_32

wldap32

Sections

.text Size: 808KB - Virtual size: 807KB

.rdata Size: 413KB - Virtual size: 413KB

.data Size: 76KB - Virtual size: 418KB

.rsrc Size: 354KB - Virtual size: 356KB

.text
Size: 808KB - Virtual size: 807KB

.rdata
Size: 413KB - Virtual size: 413KB

.data
Size: 76KB - Virtual size: 418KB

.rsrc
Size: 354KB - Virtual size: 356KB